Blog | G5 Cyber Security

Bettercap SSLStrip Not Working: Fix Guide

G5 Cyber Security

TL;DR

Bettercap 2.x’s SSLStrip module might not convert links automatically due to configuration issues or missing dependencies. This guide covers common problems and solutions, including enabling HTTP proxying, checking your network setup, and verifying the correct Bettercap options.

Fixing Bettercap SSLStrip

  1. Check Dependencies: Ensure you have all necessary tools installed.
    • Bettercap itself.
    • tcpdump or a similar packet capture tool (required for sniffing).
    • A suitable HTTP proxy like mitmproxy, socat, or even a simple Python script. SSLStrip relies on an upstream proxy to handle the actual redirection and modification of traffic.
  2. Enable HTTP Proxying: SSLStrip needs an HTTP proxy to intercept and modify traffic.
    • The most common issue is not having a proxy configured or it being unavailable. Bettercap doesn’t include a built-in proxy, so you must set one up separately.
    • Example using mitmproxy: 
      mitmdump -s /path/to/sslstrip.py --host 0.0.0.0:8080

      (Replace `/path/to/sslstrip.py` with the actual path to your SSLStrip script.)

    • Example using socat: 
      socat TCP-LISTEN:8080,fork TCP:localhost:3128
  3. Configure Bettercap Options: Use the correct options when starting Bettercap.
    • Start Bettercap with the --proxy option pointing to your proxy’s address and port: 
      bettercap -iface eth0 --proxy http://127.0.0.1:8080 sslstrip on

      (Replace `eth0` with your network interface.)

    • Ensure sslstrip.on is used to activate the module.
  4. Verify Network Setup: Make sure traffic is being routed through Bettercap.
    • ARP Spoofing: SSLStrip requires ARP spoofing to redirect traffic. Ensure that your target hosts are successfully spoofed using the net.spoof on command within Bettercap.
    • IP Forwarding: Enable IP forwarding on your system so that packets can be routed correctly. 
      sudo sysctl -w net.ipv4.ip_forward=1
  5. Check SSLStrip Script (if custom): If you’re using a custom SSLStrip script, review it for errors.
    • Ensure the script is correctly handling HTTP redirects and modifying links.
    • Verify that the script is listening on the correct port and interface.
  6. Firewall Rules: Check your firewall settings.
    • Make sure your firewall isn’t blocking traffic to/from Bettercap or your proxy.
    • Allow connections on ports 80, 443 and the port you configured for your HTTP proxy (e.g., 8080).
  7. Browser Cache: Clear your browser cache.
    • Cached resources might be preventing SSLStrip from working correctly.
  8. Test with a Simple Website: Start with a basic, non-HTTPS website to test if SSLStrip is functioning at all.
    • If it works on a simple site, the issue might be related to the target website’s specific configuration.
Exit mobile version